package com.framework.service.other.filter;

import com.framework.common.model.properties.IgnoredUrlsProperties;
import com.framework.service.config.initInjectSQLFilter.XssHttpServletRequestWrapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.PathMatcher;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @author 龘鵺
 * @version 1.0
 * @className com.framework.service.other.filter
 * @description 请求参数值过滤处理
 * @datetime 2020-01-09 11:11:11
 */
public class ParameterValueFilter extends OncePerRequestFilter implements InitializingBean {
    private Logger log = LoggerFactory.getLogger(ParameterValueFilter.class);
    private IgnoredUrlsProperties ignoredUrlsProperties;
    private PathMatcher pathMatcher;

    public ParameterValueFilter(IgnoredUrlsProperties ignoredUrlsProperties, PathMatcher pathMatcher) {
        this.ignoredUrlsProperties = ignoredUrlsProperties;
        this.pathMatcher = pathMatcher;
    }

    /**
     * @param request     1 请求对象
     * @param response    2 相应对象
     * @param filterChain 3 过滤链接视图对象
     * @title 请求参数值过滤处理
     * @description 请求参数值过滤处理
     * @author 龘鵺
     * @datetime 2020-01-09 11:11:11
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
//        System.out.println("进入过滤器");
        String url = request.getRequestURI();
//        HttpSession session = request.getSession();
//        Object obj = session.getAttribute("SPRING_SECURITY_CONTEXT");
//        if (FilterStringUtil.FILTER_STRING_SLASH.equals(requestUri) && obj == null) {
//            log.error("doFilterInternal:SPRING_SECURITY_CONTEXT:/：null:请登录");
//            response.sendRedirect("/login");
//            return;
//        }
//        boolean is = (
//                session.getAttribute("SPRING_SECURITY_CONTEXT") != null
//                        && !requestUri.contains("/css/")
//                        && !requestUri.contains("/img/")
//                        && !requestUri.contains("/js/")
//                        && !ignoredUrlsProperties.getInitIgnoreUrl().contains(requestUri)
//        );
//        Object obj = session.getAttribute("SPRING_SECURITY_CONTEXT");
//        System.out.println("attribute=" + (obj != null));
//        System.out.println("login=" + !"/login".equals(requestUri));
//        System.out.println("loginPage=" + !"/loginPage".equals(requestUri));
//        System.out.println("defaultKaptcha=" + !"/defaultKaptcha".equals(requestUri));
//        System.out.println("css=" + !requestUri.contains("/css/"));
//        System.out.println("img=" + !requestUri.contains("/img/"));
//        System.out.println("js=" + !requestUri.contains("/js/"));
//        System.out.println("/=" + !"/".equals(requestUri));
//        System.out.println(is);

        boolean initIgnoreIs = true;
        for (String item : ignoredUrlsProperties.getInitIgnoreUrl()) {
            boolean is = pathMatcher.match(item, url);
            if (is) {
                initIgnoreIs = false;
                break;
            }
        }
        if (initIgnoreIs) {
            //登录后请求过滤参数值,预防注入
            log.info("doFilterInternal.XssHttpServletRequestWrapper.url:{}", url);
            filterChain.doFilter(new XssHttpServletRequestWrapper(request), response);
        } else {
            //正常跳转，不过滤
            log.info("doFilterInternal.url:{}", url);
            filterChain.doFilter(request, response);
        }
    }

}
